Unfortunately, We have to inform you we are using the PayHere gateway, and there got a cyberattack a few days ago as they mention, Our responsibility is to Inform our customers who are using our payment gateway.


Here is the PayHere email about the Cyber Attack :





As we informed you through the detailed cybersecurity Incident Report, unfortunately, there has been a data compromise that occurred from our systems as a result of the cyberattack on PayHere on the 2nd of April 2022.

We regret the inconvenience this incident has caused you and we sincerely apologize for putting you through all this. We would like to make you aware of the current status & the way forward with our service.

Please find below FAQs & what you need to do.

What is a data compromise?

  • Data compromise means the unauthorized access, disclosure, transmission and/or use of the data by a third party.

Who has compromised the data?

  • The cyber attacker has compromised the data on PayHere systems during the attack on the 2nd of April 2022.

What data has been compromised?

  • The entire database has been compromised which includes merchant data, customer data & payment data, except the full card numbers.

How the full card numbers were not compromised?

  • We do not store full card numbers in our database, since the card payments are directly processed by our partner banks.
  • We only get access to the masked card numbers (first 6 digits & last 4 digits) which are returned by partner banks after processing card payments.

Have the masked card numbers been compromised?

  • Yes, but a masked card number cannot be used to perform any financial transaction. 

Is there a financial risk in compromising masked card numbers?

  • No. Since the full card number is needed to perform any financial transaction, there's no financial risk in compromising masked card numbers.

What PII data has been compromised?

  • The PII (Personally Identifiable Information) compromised by the attacker includes names, emails, addresses, phone numbers, purchase histories, masked card numbers & IP addresses of our merchants & their customers, and the information submitted by the merchants when applying for PayHere service.

Do we need to inform our customers?

  • Yes, inform your customers that a data compromise has happened due to PayHere's recent cyberattack. But also inform that they have no financial risk since the full card numbers have not been compromised. You can also advise them to activate two-factor authentication on their internet accounts.

What are the steps needed to be taken after a data compromise?

Why it took one month to inform this data compromise?

  • The Cyber Crime Investigation Division (CCID) of Sri Lanka Police started the criminal investigations to identify the attacker soon after the attack & we received legal advice to hold publishing the report as it may interfere with investigations.

Is PayHere still under attack?

  • No, as we moved to a new server infrastructure, we are confident that the attacker no longer has access to our systems. We have taken all the necessary steps to tighten our security on multiple levels to avoid future attacks. 

What are the steps taken to avoid data compromises in the future?

  • Throughout the last month, our team worked really hard to strengthen the security of our systems with the help of a team of Cyber Security experts.
  • We moved to a new server infrastructure & re-engineered our network architecture to have advanced security measurements to mitigate future attacks from the network level.
  • We performed independent source code analysis & vulnerability assessments before re-deploying our systems Live to mitigate security risks at the application level & to ensure that our systems are secure to avoid any future attacks.
  • We also expect to get ISO 27001 security management certification for our systems to better protect the PII data against such data compromises.

What are the legal actions taken about the data compromise?

  • The Cyber Crime Investigation Division (CCID) of Sri Lanka Police has started investigations to identify the attacker who compromised the data.
  • We're working with law experts to take maximum legal actions against the attacker as per the provisions of the Computer Crime Act & Personal Data Protection Act in Sri Lanka.

This incident is something that we never expected, but we value transparency therefore we acknowledge what happened. We again apologize for taking the time to inform you about this, even though it was due to the legal recommendation & the on-going police investigations. 

We’ve learnt a lot from this incident, and as we work with the security experts, we ensure your data are secure now and in the future. Despite this serious incident, we are glad that we could avoid any financial losses to any of our users.

We further expect your understanding & support during this tough time as we work really hard with integrity to ensure you a better & secure service ahead.

Thank you!
PayHere Support

Tuesday, May 3, 2022

« Back